RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem

["Geo." <geoincidents () nls net>]

> > In the scenario you describe, I cannot see any actual amplification...

I'll give you a senario where you can see.

lets say you have 2 name servers that are local to you.

I setup a domain, example.com. In this domain I create a text record which is 100K in length, I don't know, perhaps I 
paste the source code to decss in it, whatever it's a big text record.

Now I simply spoof a UDP packet using your IP address as the source address and send it to both of your dns servers. 
This packet is a query for the example.com text record. I have now sent two very small packets and you have received 
200K of traffic. That's the amplification, one small udp packet, one large text record in return.

Note, I don't have to use your local servers, but this way it makes it more fun to troubleshoot because it looks like 
you are the cause of your own flooding..

Geo.